Add a CWE array to the support cve-search#309

SashaTail · Feb 7, 2025 · 235d15f · 235d15f
1 parent 06e37d1
commit 235d15f
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 9 deletions.
diff --git a/CveXplore/core/database_maintenance/sources_process.py b/CveXplore/core/database_maintenance/sources_process.py
@@ -2,6 +2,7 @@
 import glob
 import hashlib
 import json
+import re
 import shutil
 import time
 from typing import Any, Tuple
@@ -694,17 +695,27 @@ def process_the_item(self, item: dict = None):
                                     self.stem(cpeuri["criteria"]),
                                 )
         if "weaknesses" in item["cve"]:
+            cwe_set = set()
+
             for problem in item["cve"]["weaknesses"]:
-                for cwe in problem[
-                    "description"
-                ]:  # NVD JSON not clear if we can get more than one CWE per CVE (until we take the last one) -
-                    # NVD-CWE-Other??? list?
+                for cwe in problem.get("description", []):
                     if cwe["lang"] == "en":
-                        cve["cwe"] = cwe["value"]
-            if not ("cwe" in cve):
-                cve["cwe"] = defaultvalue["cwe"]
+                        cwe_set.add(cwe["value"])
+
+            cve["cwe"] = sorted(cwe_set)
+
+            # If at least one valid CWE exists, remove all "NVD-CWE-*" entries
+            if any(not re.match(r"^NVD-CWE-", cwe) for cwe in cve["cwe"]):
+                cve["cwe"] = [
+                    cwe for cwe in cve["cwe"] if not re.match(r"^NVD-CWE-", cwe)
+                ]
+
+            # If the list is empty after filtering, assign the default value
+            if not cve["cwe"]:
+                cve["cwe"] = [defaultvalue["cwe"]]
         else:
-            cve["cwe"] = defaultvalue["cwe"]
+            # Assign the default value if "weaknesses" is not present
+            cve["cwe"] = [defaultvalue["cwe"]]
 
         cve["vulnerable_configuration_cpe_2_2"] = []
 

diff --git a/CveXplore/database_models/models.py b/CveXplore/database_models/models.py
@@ -126,7 +126,7 @@ class Cves(CveXploreBase):
     cvssTime = Column(DateTime, doc="Time of the CVSS of the CVE")
     cvssVector = Column(String(100), doc="Vector of the CVSS of the CVE")
     configurations = Column(JSON, doc="Vulnerable configurations of the CVE")
-    cwe = Column(String(50), index=True, doc="Related CWEs to the CVE")
+    cwe = Column(JSON, default=[], doc="Related CWEs to the CVE")
     epss = Column(Float, index=True, doc="Epss of the CVE")
     epssMetric = Column(JSON, doc="Epss metric of the CVE")
     exploitabilityScore = Column(Float, doc="Exploitability Score of the CVE")